Pages

Wednesday, January 9, 2013

IHE efforts in RESTful security

This is a simple update at the beginning of the year and IHE development cycle.

First, the slate of things that IHE IT Infrastructure (ITI) committee is working on this year is large. Here is a summary of the work items for the ITI committee. I state this because last year ITI got one profile completed, the Mobile Health Documents profile that I wrote. So I want to encourage extra support from people who don't usually get involved.

The specific work item of interest is one that I am calling “Internet User Authentication/Authorization” (IUA). Yes, I am being cute with the acronym since there is already EUA and XUA. They are all very functionally similar, just focused on different technology stacks.

IHE ITI is right now in the stage of gathering use-cases and thus the 'interoperability needs’. In the coming months these needs will be evaluated against available standards. The most likely standard at this point is oAuth 2.0. Due to the scope and expected standard, this is more than just user authentication as it also includes application authorization. Much like the scope of oAuth. We are not purely driven by oAuth capability, but like oAuth the need is based on the use-case problems. The problems of Internet based Authentication and the problems of mobile devices and mobile applications.

This profile is expected to be used widely and not just include IHE use-case. IHE is gathering usecases from HL7-FHIR, DICOM-WADO, and Continua. This profile is also expecting to leverage work that has already gone on. For example the RHEx work done in the USA under the S&I Framework. This profile is also expecting to be in harmony with the efforts of the USA NSTIC effort.

The development work will be done through a Google+ community. This is an open community due to the interest from many organizations. The workspace for the development will be on the IHE FTP site

There are two formal telephone conferences prior to the next face-to face. On 2/13 and 3/13 at 8am central. These are the more formal workitem focused with the whole ITI committee. Right now we have a weekly meeting Wednesday mornings at 8am central. However this is going to change. There will be some form of survey out to discover the best time. This survey will utilize the Google+ community so sign up. The IHE calendar is published at http://www.ihe.net/calendar/

The next face-to-face meeting for the IHE ITI committee is March 18-22, in Treviso Italy. This meeting is where we focus on finishing the Vol 1 material, and doing the standards analysis. The result of this meeting should be the selection of a standard to develop.

About Me

The information posted here are mine and not necessarily represent By Light Professional IT Services Inc. I am a Standards Architect specializing in Standards Architecture in Interoperability, Security, and Privacy for By Light Professional IT Services Inc. Primarily involved in the international standards development and the promulgation of those standards. Co-chair of the HL7 Security workgroup, a member of the FHIR Management Group, FHIR core team, and co-chair of IHE IT Infrastructure Planning Committee. Participate in ASTM, DICOM, HL7, IHE, ISO/TC-215, Kantara, W3C, IETF, OASIS-Open, and other. Was a core member of the Direct Project specification writing, authoring the security section, and supporting risk assessment. Active in many regional initiatives such as the S&I Framework, SMART, HEART, CommonWell, Carequality, Sequoia (NwHIN-Exchange), and WISHIN. Active in the Healthcare standardization since 1999, during which time authored various standards, profiles, and white papers.

Surely there are other copyright and trademarks that I should recognize, but everyone else seems to be reasonable; expecting readers of blogs know that I am not trying to claim or take ownership of their copyright and trademarks.